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Abstract 

Accurate analysis of reliability of system requires that it accounts for all major variations in system's opera- 
tion. Most reliability analyses assume that the system configuration success criteria, and component behavior 
remain the same. However, multiple phases are natural. We present a new computationally efficient technique for 
analysis of phased mission systems where the operational states of a system can be described by combinations of 
components states {such as fault trees or assertions) Moreover, individual components may be repaired, if failed, 
as part of system operation but repairs are independent of the system state. For repairable systems Markov 
analysis techniques are used but they suffer from state space explosion That limits the site of system that can 
be analysed and it is expensive in comput stioo. We avoid the state space explosion . 1 be phase algebra is used to 
account for the effects of variable configurations, repairs, and success criteria from phat* to phase. Our technique 
yields exact (as opposed to approximnte) result* We demonstrate our technique by means of several examples 
and present numerical results to show tbe effects of phases and repairs cn the system reliahilitv/availability 
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1 Introduction 


Accurate analysis of reliability of system require* that it accounts for all major van at ions in system's operation. 
Most reliability analyses assume that the system configuration, success criteria, and component behavior re ma in 
the same However, multiple phases are natural. The system configuration, operational requirements for indi- 
vidual components, the success critetia. and the stress on the components (and thus the failure rates) may vary 
from phase to phase. Various techniques and tools have been developed [l]-[4] to analyse single mission system. 
Phased-mission system analysis also has received substantial attention by researchers [5] - [12]. 

Depending on the requirements during different phases, different components may be placed in or removed 
from service or repaired during a phase to balance the system reliability and the cost of operation. The success 
of a redundancy management scheme determines if a system is operational or not. The usage of subsystems may 
also vary from phase to phase and subsystem supporting those services may remain idle or may be switched 
off. Furthermore, the duration of any phase may be deterministic or random. All these variations affect the 
system reliability For example, in an airplane system, landing gear and its associated control subsystems are 
not required during cruising phase So exact analysis should not ignore such behaviors. 

Sometimes the effects of individual phases may be ignored in favor of simpler ana. /sis For example, in case 
of landing gear example if the failure rate of landing gear is very small for all phases, counting the failure of 
landing gear during entire flight may not affect mult significantly. On the other hand in another example, 
in a space mission, the first phase (launch) is the most severe and uses many components for a few uunutes 
whoae failure rates are high l sing the high failure rates and exposure ume equal to the mission time for those 
components is guaranteed to result into useless analysis 

In approximate analysts, most of the time only conservative estimates are made yielding the worst case 
unreliability of the system One adv erse effect of this it that the sy stems may be over-designed A more accurate 
analysis avoids this, in particular where there may be wide variations in the parameters and system configuration 
from phase to phase. If one phase experiences much more stress than others then ii is necessary to account for 
such effects properly. Different aspects of phased- mission analysts are discussed by several researcher* • ’12] 

A phased-miswon system can be analysed accurately using Markov methods. However that suffers from 
stare-space explosion and is expensive in time In '12’, the authors presented a methodology to analyse non- 
repayable phased-misston systems in which failure rates, configuration and success criteria may vary from phase 
to phase Moreover the success criteria can be specified using fault trees or an equivalent representation. A 
majority of systems can be represented using fault trees They tolve the system without generating a Markov 
chain. Phases are handled one at a time to compute the overall unreliability of tb< entire mission This technique 
is computationally lew expensive As a result, large systems can be managed 
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(i is possible that during long missions, repairs are carried out on components or subsystems to increase 
the life of system For example, in a long manned space mission, failed components will be repaired and must 
be appropriately accounted for in the analysis. The form of repair may vary For example, a system may be 
completely replaced by another new system or only maintenance check; i.'.sy be carried out and subsystems are 
repaired in the conventional sense Markov analysis techniques can be used but. as stated earlier, may require to 
manage huge state space and computation time We extend the methodology of [12] in this paper significantly by- 
including repairs of independent components. We require that the system success criteria is dependent only on 
the state of individual component and as long as the success criteria is satisfied, the phase remains operational. 
The results of this paper allows analysis of large systems with component repairs efficiently. In the descriptions 
below, w e will assume that a reader is generally familiar with .Markov chain-based analysis. We will use it to 
describe certain situations but will propose a methodology which does not explicitly generate the state space. 

in all of this work, phase transitions are assumed to be instantaneous and no loss or gain is assumed in the 
probability of any particular state in Markov chain However, due to change in success criteria, some operational 
states may be seen as failure states in the next phase and are treated as latent failures for analysis. For example, 
if the landing gear develops a problem during cruising, the flight will continue in air but the last phase, landing, 
may not be successful Thus the landuig gear failure is latent. If the failed landing gear can be repaired duriug 
the flight, then the effect can be accounted for in the analysis 

We present some related work in the next section Then we describe some concepts which we will use 
throughout the paper. Following that we present handling of repairable systems and our methodology to manage 
computation efficiently. We present a few examples and demonstrate the effectiveness of our work. In all cases, 
the results are compared with LHARP [10] results which compute unreliability of phased mission system correctly 
as it follows state-to-statc mapping from phase to phasr 

2 Related Work 

Eaary and '/tehms [5] di*ruv< analysis of multiple configuration systems during different phases of a mission 
using reliability block diagram {RBD) For phase p each component is represented by a senes of a block*, one 
corresponding to each phase starting with phase 1 to phase p Ali phase RBDf are connected in series and 
solution of ibis RBD correctly predicts the reliability of the three phase system. This results in a large RBI) and 
failure of components cannot be accounted for. Pedar and Sarma [6] enhanced this technique to sy stematically 
cancel out the common events in earlier phases* which are accounted for in later phases in the RBD* We will user 
Esary and Ziehm* a representation for component* in various phases for analysis but perform the computation 
differently 
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Alam and Al-$«ggaf [7] use Markov chain and Smothtrman et ai. [9] use a non-homogencous Markov model 
to include phase changes in the model. The Markov chain in both cases can be very huge. It should be pointed 
out that the latter technique allows the most accurate analysis if phase changes are not smooth. However, this 
requires large amount of storage and computation time to solve a system, thus limiting the type of system that 
can be analysed. Somani et. al. ’10] presented a computationally efficient method to analyse multi-phased 
systems and a new software tool for reliability analyses of such systems. A system with variable configuration 
and success criteria results in different Markov chains for different phases. Instead of generating and solving 
•n overall Markov chain, they advocate generating and solving separate Markov chains for individual phases. 
The variation in success criteria and change in system configuration from phase to phase are accommodated by 
providing an efficient mapping procedure at the transition time from one phase to another. While analysing a 
phase, only the states relevant to that phase, are considered. Thus each individual Markov chain is much smaller 

Using a similar approach. Dugan [8] suggested another method in which a single Markov chain with state 
space equal to the union of the state spaces of the individual phases is generated The transitions rates are 
parameterired with phase numbers and the Markov chain is solved p times for p phases. However, the failure 
criteria is also the union of all phases failure criteria as any failed state in any phase is considered failed state for 
the whole system. Thus, the scheme is only applicable is the success criteria does not change over the phases. 


3 Distribution Functions with Mass at Origin 

As in (12). we will use the concept of cumulative distribution functions with a mass at the origin in our work 
Consider a random variable X with cumulative distribution function given by 

Fxit) * (1 - f- Ar ») + *‘* T, tl - «-“)■ 

This function has a mass at the origin given by P{X a 0> = (i-r* T ') . The second term represents the 
continuous part of the distribution function 

<*dcr to illustrate the use of such a CDF. consider a component with a constant failure rate of X that 
is used in a phased mission system Assume that the system has just completed one phase of duration 7j and 
it currently in the second phase The above CDF can be assigned as the failure probability distribution of 
the component in the second phase The first term in the above expression represents the probability that the 
component has already failed in the first phase Tbe second term represents the failure probability distribution 
for this component for the second phase The time origin for the second phase is reinitialised to the beginning 
of the phase. We will use such distribution functions to represent failure probabilities of individual components 
during different phases. 
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3.1 Component Model with Repairs 


The model described above can be extended to include repair for a component. Let X be a component whose 
failure and repair rates in phase p are denoted by X Xp and p Xr . respectively. Failure and repair times are 
assumed to follow exponential distribution. We define 

*JCr<0 *c-<****«e-' <*> 

where t is the time after the system entered the phase p. We can compute probabilities of component A' being 
operational (up) or not -operation a) (failed! by solving a two state Markov chain for the component. At the 
beginning of a phase a component may be in an operational or failed state With either of the initial states, the 
component may be operational or failed at the end of the phase due to failure and repairs involved during that 
phase To compute the probabilities for a component to be operational or failed at the end of the phase, we need 
to compute the probabilit ies of all the four possible rases. 

We will fellow a 4 character suffix with probabilities The first character is the name of the component (i.e 
A'. V) The second character « v for up or / for failed and is associated with the starting state of ihat component 
in a phase. The third character is u or / as earlier It can also l«e t if it refers to probability at the end of a phase 
or a b if it refers to the probability at the beginning of a phase. The fourth character p is for phase number The 
first and the fourth characters will change with components or phase number we are dealing with If it is given 
that the component X is up. then the probabilities that it wit! remain up or failed after time t has elapsed in 
phase p are given by 

/ s ®lf(0 A * 1 1 ~ (*) 

and 

Px»fr — (1 -<**>(*)) Ml “ 3x f ) (3) 

Similarly if it is given that component .V is failed, then the probabilities that it will remain up or failed are given 
b> 

Pxj*r = * <1 “ °Xr'*)) (■*! 

and 

Pxs)t * 1 - AcpMl - <ol 

If the probabilities .bat component A is initially up and failed at the beginning of the phase p are p.* t »r and 
px;y j respectively then the probabilities that the component i* up or failed after time t has elapsed in phase p 
are given b> 

/%«#»< !l)«PX«»f •FXy*e(li-‘- P\ }t f *Px/*r»<) (6) 
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and 


Pxftpit) - Px**f * PXu'f(t) + PXfH •Px/Sr(0- 


(7) 


The overall operational and failed state probabilities for a component can be evaluated at the end of phase p by 
substituting 1 = T r in the the above expressions. They include the mass at the origin (the initial up or failed state 
probabilities'. T r is the duration of phase p. For example, suppose for a component A' in phase 1 . if p x i « 9* A* i . 
7i = lOhrs. and pxi and *xi at* chosen so that ax:(10) = 0.9. dxi = 0.9. Then. px**i = 0.99, px«/i — 0.01, 
Pxju i * 0.09. and Px//i = 0.91. If - 10 and pxja — 0.0. then px%.». — 0.99 and px/#: - 0.01. 
If. on the other hand. px*»i = 0 99 and Px;n = 0.01. then px„,: = 0.99 • 0 99 + 0.01 * 0.09 = 0.991 and 
px./ct =0.99 *0 01 + 0.01 * 0 01 = 0 019. 


4 Phased-Mission and Component Repairs 

In analysis of reliable system when a system enters a failure state during a phase, the entire mission is considered 
to have failed. So the next phase only begins, if the system remains operational during all previous phases If the 
components are not repaired, the success or failure of system depends on the cumulative operational probabilities 
and success criteria defined by the combinations of states of operational components. In such cases, as shown in 
(10]-J12). one can compute the success probability of the whole mission 

Notice that a system state may be considered as a failed state in phase p but may be a success state in the 
next phase due to a less stringent success criteria. This is acceptable behavior even in reliable systems In such 
caaes. nil state occupation probabilities (SOPs) accumulated m such states up to only phase p are considered 
to be contributing towards failure of mission Thereafter they are considered as part of success This is key to 
correct analysis of a phased- mission system and is implemented in E.HARP. 

In certain situations however, it is possible to design systems that include repairs to keep reliability high. 
For example, in a long mision. to improve reliability and performance, it may be advisable and necessary to 
carry out repairs on system during operation of system Since in different phases success criteria* vary, all of the 
components may not be used in all phases When certain components are not required for the system operation, 
they may be repaired and employed again in the following phases. The repairs are to remain in ready state for 
future phases. In phases when repairs are carried out. the system status is not affected hv the component! under 
repairs. In Markov chain representation this implies that the repair transition* are from failed states to failed 
■tales or operation stales to operation status hi such cam. we can compute reliability more efficiently using 
the approach nf this paper. 

For example consider two components. A and B. system which are used alternately in two consecutive phases. 
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Both components can fail in either phase but only the component not in use in a phase only undergoes repairs 
in that phase. The system operational and failed states for the two phases are shown in Figure 1. 



ia) Arrow $}$irn 



B b repatnd A is rtpavcd 




Figure 1 A two component system and its failed states 


In a repairable system, it is also possible that the system may enter from a failed state to a success state 
within the same phase Since the success criteria is specified using combinatorial methods, this will happen if the 
system up or failed state depends on a component which is also being repaired in that phase. In such case6. use 
of combinatorial methods only will not allow us to pay us attention to the fact *he system may transit through 
the failed states. One important consideration here is that must such transitions be allowed m the same phase* 
Strictly speaking, for critical operation system, once a system failure has occurred, it is catastrophic and must 
be treated as such This is. therefore. obviously not allowed lor reliable system as they are considered failed once 
the system enters a failed state. In that case, the technique of this paper cannot be applied as the system does 
not remain symmetric Such systems can only be solved using the techniques described in (7, 9. 10) and the tools 
such as t.'HARP. 

There are many other scenarios where the techniques developed in this paper will apply In ibis paper we are 
assuming that component repairs are independent of system states and are earned out based on the component 
states only, the success criteria may be such that this does not impart the results. If only those components 
are repaired that are not participating in the operation of a system in that phase then the success criteria 
automatically satisfies the requirement for correct analysis This is the case in the example of Figure 1. This is 
because (he up or failed state of such components would not affect the analysis as the) do not affect the success 
criteria. Alternatively, if the approach for success is that “all is well if *he end is wel!.' then also this analysis can 
be used What we mean hv this is that i f it is the system state at the end of a phase that counts and transient 
states during the operation do not matter for do not matter “much’'), then this technique can be used 


6 




Another question that arises is that can one start the next phase or not in a state where the system is 
considered failed For reliability analysis the obvious answer is no as the system has already failed But in some 
analysis, like performability or availability, this is obviously acceptable Thus handling of such states depends on 
the system definition. This is open to interpretation. For availability and perfbrmahility analysts, if a particular 
phase may fail in a particular combination, that combination may be considered further as the system may 
recover from it due to repairs In such cases, it is possible, that the next phase car begin e’ en if the system is 
in a failed state since it is possible that the system is brought back up in an operational state So. in essence we 
may be more interested in the availability of a system during a particular phases and not reliability according 
to definition of reliability. The availability then can be used to compute the perfortnahility of the system. This 
analysis is beyond the scope of this paper and is subject of our further research 


4.1 Examples Used in the Paper 

To describe and show Uie effectiveness of the work here, we will use the following three examples 

Example i. Our first example is the the one described earlier of a two components A and B. system that 
can be represented using four states in a Markov chain as shown m Figure 1. One component is repaired while 
the other is used for the system operation. Thus failure and success of system depends on the component being 
used. The may correspond to a factory floor where two machines are alternately used while other goee through 
its repair (or maintenance) cycle and is repaired as needed to bring it up to the fully operational state. We will 
consider a four phased system with different parameters and phase durations 

Example 2. The second example is of a slightly bigger system where we have more scope to show changes 
in system configuration that lead to system failure and success and finer points of the complexity involved in 
analysis This system consists of three component. A B. and C. One of these components may be repaired in 
a phase while the other two are used in a phase in some combinations The system remain* operational as long 
as the specified success criteria is satisfied The success criteria for each of the three phases is expressed using 
fault trees. Each time we use two components and depending on the requirements we may require both or any 
one of them operational. The failure rates of three components are A, Aj. and A f , respectively, and these aw 
defined for each phase separately. The repa*/ rates for these parameters are pg. pi. and p.. respectively. Two 
(•articular configuration ua. 'wo out of the three component are shown in Figure 2a 

•V Markov chain for a three mponent sjwtem with all repair arcs is also shown in Figure 2b In the Markov 
chain representation a 3-tuple wpreaents a state indicating tke status of the three components respectively. A 
‘T represents that the corresponding component is alive and a *0' represent that the component has failed For 
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Figure 2: la) Two configuration of a three component system and it) the Markov chain with all failure and 
repair arcs. 


example, a state (101 1 implies that component B has failed and the other two components are alive. A transition 
from one state to another state has a rate associated with it which is the failure rate of the component that fails 
or repair rate of the component that is repaired. For example, a transition from state (01 1 ) to state (010) has a 
transition rate of A«. States marked F are failure states. Similarly, a transition from state ; 010> to state (Oil) 
has a transition rate of p ; . 

Depending on success criteria and system parameters, only some of these states will be success stares in each 
phase. Some of the arcs may have 0 rate associated with them or the) may not exist For example, if a repair 
is not active, the corresponding arc may be dropped We will use several combination of two possible success 
criteria® in a three phase system. In each of these cases, one of the components will not be used in each phase 
and will be repaired. The component parameters and phase duration may vary. 



X Y Z XYZ X Y 2 


ctwtnGi'ftvroN i eoNnouwATtox : contkuwat*on » 


Figure 3 (*', Three configuration of a three component system. 


Example 3. For our third example, wo will use *»ll is well if the end is well approach ' We will use the 
same three component system of Example 2 but will use all three components in each phase The three phase 
configurations to be used are shown in Figure 3 The components are also repaired in each phase As long as a 
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phase terminates satisfying the suc<v*s criteria We wiU compare the results with the case when repair arcs are 
not allowed from the failed state (analysis perfot;r-»d using EBARP) and to notice the inaccuracies incurred in 
computation. 


5 Pbased-Mission Analysis 


Suppose we are given the failure, and repair rates for each component for each phase and the success criteria 
for each phase. The component failure and repair rates may be phase dependent We assume that the phase 
durations are deterministic 

To account for phasv- dependent failure and repair rates, we use the component model for failure and success 
distribution with mass at origin for each component as derailed in Section 3.1. We compute the distribution of 
failure for each component for each phase using the initial (beginning of that phase) up and failed probabilities 
and failure and repair rates for that phase. The failure distribution function is described in Equation 7. In there 
time I is measured from the beginning of phase p so that 0<t<T f . T r represents the duration of phase p This 
expression is in recursive form and can be further simplified by substituting P\* i f = (the final 

values for phase p - 1 as the initial values for phase p). But we prefer to leave the expressions for each phase 
as thev are in the recursive form as we need individual phase components in our computation to combine the 
results for all phases together 

Notice that a component may be up or failed in any phase with the distributions described in Equations 6 
and 7 irrespective of its status in he previous phase due to failure and repairs of that component in that phase 
This is in contrast to non- repairable system where a component can be up only if it is up at the beginning of 
the phase. 


If the failure and repair rates are age-depondent then one would have to consider lime as a global parameters, 
l e . time starts with the beginning of a mission and phase p starts at time CT t . . = £f“,' ft and finishes at 
“ Ei>: T; The probabilities /**%»?. fV«..> and Pr;fy are calculated using a single component 

model where both failure and repair rates are function of time The resulting component behavior is represented 
using a more complicated non -homogeneous Markov chain for wb'ch appropriate differential equations can be 


easily developed. However, solution of these equations doe* not have a closed form solution for general ;i(t) 


and A(/) [14) In specific cases when pxr(t) = 0 
compute p r , ur — 0.0. p,.» r = 10 . p r , v( . = 1 - 


and only failure rate A*,(f) is 

ill* 

»*■ and pxu„ * c 


a function of time, we can 
^ r >-< **' . The rest of 


the computation remains the same 
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5.1 Management of Phase-Dependent Success Criteria 

The success criteria in different phases may be different for a variety of reasons including {») not all components 
are used in all phases, (ii) the expected performance out of individual component* may be different in different 
phases, (till individual subsystems may be dropped or included in the system, (iv} the dropped (not used) 
subsystem may be repaired, and (v) additional redundancy may be provided or redundancy levels may be 
reduced for certain tasks. 

Due to a change in success criteria and repairs* it is possible that some combination of failures of components 
in one phase leads to failure of the system whereas the same combination does uot lead to failure in some other 
phas* The following five scenarios arise in computation at the time of phase transition from phase p to phase 
p+ \. The first four of these are the same as described in [12] for nou-repairable system 

l A combination of component failures does not lead to system failure in both phases /> and p - 1 

2. A combination of component failures leads to system failure in both phases p and p - 1. 

3. A combination cf component failures does not lead to system failure in phase p but leads to system failure 

in phase p + 1 . 

•T A combination of component failures leads to system failure in phase p but not in phase p+ 1 

5. Due to repair the system in a failed state may transit back to a up state 

The mechanism to compute unreliability of a system at time 1. whose behavior is described using fault trees 
for different phases is to compute the probabilities of all events at time t and then evaluate the fault tree using 
those event probabilities The events here are whether components are up or failed. We already have described 
mechanism to compute the even? probabilities at tim # t in Section 31 l sing that we can evaluate the fault tree 
applicable at time t 

The first three cases listed above directly contributes towards unreliability or reliability and are taken care 
appropriately by a fault tret' evaluation fault tree for « phase include failure combination? which remain 
common in all phases and those combinations which are considers as success earlier but are treated as failure 
in the current phase Such combinations can be treated as failure combinations over all phases as the system 
eventually fails in phase where this combination leads to system failure. These are referred to as latent failures 
in [11] Hence applying the failure criteria of the current phases to previous phases is correct and appropriate 
The unreliability can l>e evaluated by evaluating the fault tree for current phase. 

However, in order to compute correct unreliability, we must compute the probability of the system being in 
failed state in any phase. The fault tree evaluation for the current phase does not include the last two cases 
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If • system state is a failed state up to phase p and then, it is a up state the probability accumulated in that 
state up to the end of phase p must be counted towards unreliability. Such failure combinations can be identified 
using phase algebra as deseribed in [12]. 

The only additional complication now is due to repairs as listed in case V We need to identify the prohabilitv 
that is once associated with a failed state in a previous phase but now is been associated with a success state. 
A straightforward evaluation of fault tree associates such probabilities with auceeat states that get counted as 
reliability. We need to identify probabilities This can be done by extending the phase algebra 

Notice that even if the success criteria remains the last scenario must still be analvied and ace <unted for. 
Also notice that m most cases we assume that the components being repaired are those which are not being 
required for system operation in that phase 1 herefore the success criteria will not remain same over all phases 

In a Markov chain-based analysis, it is easier to keep track of the system states, and therefore change m 
system success criteria could be easily accounted f or. However, in the case of a fault tree, this change needs to 
be accounted for by considering those combinations when the system may or may not fail at the time of a phase 
transition. 

Thus, our methodology consists of the following steps. We divide the system unreliability of a phased mission 
system into three part* (i; common failure combinations; (nl phase failure combinations, and (tin repair to 
success combinations. Common failure combinations are specified by the fault tree description of the current 
phase. Phase failure combinations and repair to success combinations: are identified using the phase algebra. 
'These includes all thoee factors which describe failure ui previous phases but are not considered as failure now 
-or those flows which occurred from failed combinations to success combinations 

<5.2 Phase Failure and Repair to Success Combinations 

To determine phase failure and repair to success combinations fer a phase p in a P phase system, we use the 
following procedure Le t E, lie the Boolean logic expression specifying the failure combinations for phaiw p 
Then phase failure combinations which are treated as success combinations for all the sulisequent phases and 
.repair to success combinations for phase p. combiceh denoted a? (P/C r ) are given by 

PFC r — (■ ■ y(Ef A E f i\) a E,*j) ■ • ■ A Ep) 

_In the above expression we include only thewe combinations which are failure combinations in phase p but are 
asot failure combination* in any of the subsequent phases This expression can he simplified as 

prey = E t a v v £>;. 

The form of the expression are the same as tha: is given :r. [12] Header who is familiar with the work m 
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[12] should be careful while reading the section as there are a few differences for the algebra here from the one 
described in [12] The rules for manipulating expression are different to account for repairs. In fact, they are 
same as applicable for Boolean algebra and the special treatment for non-rcpairable systems as in [12] » not 
required any more Also, the computation of probability requires further attention. 

5.3 Phase Algebra 

Let f r 1 mean that component ,Y has failed Then x s 0 implies that component .Y has failed and — 1 
means that component A’ is operational. Using this notation for the system described in Figure 1. there is only 
one possible configuration but the component used m a phase changes from pha^e to phase. Thus, the following 
Boolean expression describe the failure for any phase Also the component not being used in a phase is assumed 
to be repaired. 

S£;.V) = * 

Similarly for tlie system described in Figure 2 the following Boolean expression* describe the failure combi- 
nations for phases using OR or AX D configurations 

o*riA\vj:=* + p 

AVw:iA.y)sf j? 

Notice that X and Y are only parameters here and will be replaced by A B. or C depending on the use 
of components It should also be noted that event Y denotes the failure of component X in that phase only. 
Thus for each phase, we need to define a separate symbol for each component This is very similar to Entry 
and Ziehras notation where they have a separate symbol denoting failure of a component in each phase Let 
x t - 1 denote the event that component A* is operational during phase p This is irrespective of the status of 
that component in any previous phase With this addition, tlie Boolean expression for phase p for system 1 is 
given by the following 

$£,( A*) = 77 

Similarly, the expressions for system 2 become 

OftFjl.WV? - + 


and 


respectively 


.lA7>L ; (A\n = xf* 
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Using the above two phases, it is possible i hat a system may be have 5.Y D configuration in phase p followed 
by A.\D or OR configuration in phase p~ 1 or OR configuration in phase p followed by AS D or OR configuration 
in phase p+ 1. The four possible combinations PFCs for phase p assuming that phase p-r 1 is the last phase, 
components A and V are used in phase p. and components V and Z are used in phase p + 1 are given in Equation 


PFCAXDi X. Y\OR(Y Z\+ x 
PFCASDyX. Y} r ASD<X Z^+i 
PFCOR(X.Y) r OR\Y.Z) r „ : 
PFCORiX. Y\.ASD\Y. Z V + . 


«(*? + 

= <*7 STX577 
= (*7 + S7K57T + *77?) 
= (T7+5F?(^nrf) 


= (tj W )(*>♦: ->si ) 

= (*7 J^HVc+i - Vh) 

= (17 + R'Hib+i «*+t) 

= (■f? + 5rHlb+i + *r-»' ) 


m 


When the expression for PFC r » simplified, regular Boolean algebra rules can be applied. For this purpose, 
if p and q are two phases, then t f and x, must be treated as separate variables The normal Boolean algebra 
rules such as x r : r — x r If 17 — 17 . If x r — 0, and their dual apply. Any product terms involving x r or x f 
or their complement* must be retained as it. 


An expression such as x P I f means that component A* is operational at the end of phm p but fails by the 
time phase v is finished On the other hand, an expression like If x f implies that component A is failed at the 
end of phase p hut is operational at tlie end of phase q due to repair carried out during the process. Thus, if 
p a f - 1 (two consecutive phases), then probability P(z f T^) is given by Px,i,P\,/ t and probability P{ If*,) 
is given by Pt »» r Px/„ r Other combinations are evaluated in a similar fashion If no repair is carried out then 
= 0.0 


5.4 System Unreliability 

Using the phase success criteria* for different phase* and phase algebra we compute the system unreliability as 
follows For a P phase system, tve first compute the PFC t 't for all phases assuming P as the last phase. Then 
the system unreliability is given by 

( *=. P(r P ; + Y. p i p rc,\ 

where P(Ep) is the probability of failure evaluated using the fault tree £> of phase P (the last phase) and the 
failure distribution function calculated for each component as described in Section 3. P(PFC t ) is the probability 
of phase failure combinations for phase p 

Interpretation of Boolean expressions While computing probabilities of PFC r derived above we may 
encounter ex previous like x : I}X«Ij What it means » that we are looking for probability of a combination of 
events where Component A remain* operational up to the end of phase 1. fails by the time phase 2 ends, but is 
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operational again by the end of phase 4, and then fails by the time phase o finishes. The following tree is useful 
in explaining how to compute the probability of this combination of events for component A*. 



Figure 4 A component up/fai! tree over multiple phases 

In the tree if we assume that the root at level 1 is representing an event that component A m up at the end 
of phase 1 (there is certain probability associated with it}, then the left child (at level 2) is representing that 
it is up at the end of phase 2 and the right child (at level 2) is representing that it is failed We can compute 
the probabilities of these events using expressions for Px**i and Px*f* from phase 2 parameters Similar 
interpretation exists for children of level 2 nodes front phase 2 to phase 3 as the component state changes. To 
go from Component A* has failed at the end of phase 2 tc the state that it is operational at the end of phase 4, 
there are two routes, i.e.. FJ — FJ — and I* — — x« We need to compute the probabilities of both paths 

and then add them up to arrive at the probability of combination 

We may encounter any combination of such events for a component but it should be obvious that such 
computations are required to be done for each component and not for system states For a component, if there 
are p phases, then there at most 2 rfJ values which we need to store. In an A component system, this amounts 
to A2* 41 values On the other hand in a system with A components, there could be up to 2 V states and we 
have to analyze them for p phase# So we may be storing up to p2* v states combination Normally, .V >> p (will 
not he the ca*e for example* in the paper for the obvious reasons^. Thus the technique here u computationally 
much more efficient then generating a state space and computing state occupation probabilities for those states 
for each phaw* given a distribution from a previous phase operation. 
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5.5 Computing Transient Behavior 


In the previous section. we outlined the mechanism to compute unreliability at the end of a mission, that is. the 
end of the last phase Sometime one may be interested in computing the unreliability behavior during all phase*. 
This means we need to compute unreliability for each phase as a function of time. It turns out that this is not 
expensive and can be easily accommodated in out methodology as the PFCs calculation is recursive. 

Recall that PFCs fcr a phase are computed as 

PFC, x £ P *(£,♦, V - v£» 

Also the unreliability at the end of a mission is computed using the expression 

FR= P(£» + ^TPfPfC',) 

lu a P phase system, we <iefine PFCp = Ep then lie unreliability for a P phase system can be written as 

p 

r/? = £>(pfc,) 

Thus, to compute unreliability at the end of phase p we need PFCi PFC j. . PFC', w here the PFCs must 
be calculated using phase p as the last phase. We define PFC, T as the PFC of phase i » < p. assuming phase 
p as the last phase. Then the following relation holds. 


PFC, , = PFC, P -i a 17 

The unreliability of the p<h phase is computed by using the following relation 

CRr = £piPFC,,) 

1*1 

nnd the PFC,_ , can be computed recursively using the results of PFC, • and F r With *his recursive relation 
one may compute reliability of phase p using the result o f phase p - l 

5.4 Latent Failures 

It should also be noticed that at the transition of a phase, one may see a upwards change in unreliability value at 
the phase trnnsition time This happens if the next phase has different success criteria than the current phase 
In that ease it is possible that that some of the success stales in phaae i may be failed state* in phaae i - 1 We 
define them as latent failures as the system may fail as soon as the phase change occurs. For example, in an 
automobile system, on a freeway we may be cruising at a fixed speed and wc may not need the btake subsystem 
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in * car But as soon *.* we hit a city limit, a phase change occurs and if the brakes are not fully functional, we 
are likely to hit some other vehicle. To compute unreliability increase due to phase change from phase i to phase 
t + i, we compute VR< Then, we compute CRt* which is just after the end of phase * and beginning of phase 
• + 1 For this purpose, we modify the success criteria and u is now a logical sum of tie success criteria* oV phases 
t and < + 1 evaluated at the end of phaae i using parameters of phase i. We define this as L , = E\ + £\+: with 
£ 4+ i specified using component status at the end of phase i. PFCs also need to be reevaluated as I, instead of 
£, for the phase i (for earlier phases, we will stil) use E f and not L ? for p < i). 

We will demonstrate our methodology using the examples described above in the following section 

S.7 Example Computations 

In the first example, we use the two cornponeut system with four phases. In the first phase, we require component 
A for operation (and therefore there & uo repair on it . sec discussion above in Section 4; Component B has 
associated with it both failure and repair rates. Then wc alternate between the use of component aud repair 
Thus the success criteria? for four phases are specified by 

£i = 5Fu-A: = 5T: £1 = S£}(B; = £j = SfjM) = 3$: SE 4 'B) (9t 

l' sing the above information, at the phase changes from p to p+ 1. there could be later.? failure (they are 
in this system) and to evaluate unreliability including phase change boundary, we will use L. instead of £, as 
discussed above. The success criteria wit h latent failures is given by 

Lx * SfiU) -££.(«) = *7 -F; I: = 5£j(B)-c5£ji.4) = h + *5 I 3 - SC 3 M) + S£'j(£») = (10) 

We assume that there is no phase change after phn<* 4 Using this information we can compute PFCs as follows. 


prc l3 =(£; I?) 

= 

PFCu -t PrCxz T,) 

= «Tha 3 

PfCii = T^i 

- Fja 3 

PFCu T<) 

= 

PFCu = [PFCk To 

= I}U 3 F, 

PFC* = lf 3 To 



Now to compute latent PFCs (that is including latent failures at the phase transition points) we use the 
aame explosions except that we need to L, instead of F, and obtained the following LPFCt Notice that in the 
recuraive function, we continue to use PFC and L, is only uaed for the current last phase 
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Table 1: State Probabilities lad Uncgli»bilittg$ for * two component syiiem 


State 

BP1 

EP1 

BP2 

EP2 

BP3 

EP3 

BP4 

t ' 

Factor 

1 000 

1.000 

1.000 

0.891 

0.891 

0.891 s 

0.891 s 

0.81 

11 

1 000 

0891 

0 891 

0.891 

0 891 

0891 

0.891 

0 891 

lu 

0.000 

0.009 

0.000 

0.099 

0000 

0 009 

0 000 

0099 

10 

' 0.000 

0.099 

0.000 

0.009 

0.000 

0 099 

oooo 

0.009 

00 

0.000 

0.001 

0.000 

0.001 

0.000 

0001 

0.000 

0.001 

LIL _ 

0.000 

1 0.100 

j 0.109 

.1981 

.200119 

0.2855071 

0.29265203 

0.36338683 j 


LPFC:+ = (£*i Z?) st 

^(PFCijZJl =. 97^0363 <12) 

£PFCj3 = (£*2 Z3) = *30363 

Then the unreliability at the end of phase p and at the beginning of phase p-r 1 is given by the following 

expressions. 

«'R, = i:;,‘ PiiPrc,,)* pa,i 

W« computed numerical result* using above expressions and parameters values which are easy to verify by 
hand computation We first used phase durations for each phase as 10 hours and value of failure and repair rates 
for both components in such a way that the factor a at phase duration of 10 hours is equal to 0 9 Also, if repair 
is applicable, then parameter d in all phases for applicable components is also 0.9 Using, these parameter values, 
we get the results shown in Table 1 . Here BP and FP stands for beginning of phase and end of phase and we are 
tabulating SOP for each state, reliability, and unreliability and we have a multiplication factor associated with 
all column entries Idea is to be able to clearly set «Iiat the results are comet The results are obtained using 
SH ARPE [2] program where PFC expressions were hand coded EH ARP (10]. sad hand calculations the results 
match in nil cases to 9 significant digits The multiplication facto? only applies to SOPs and the unreliability 
values arc as they are luted 

To give a better idea appreciation for results and match the results of this table to that obtained ming 
Markov chain analysis. the Markov chains and the initial state occupation probabilities for four phases are 
shown in Figure 5 Any state occupation probability not shown is *ero (that is the case for three states out of 
four in evety phase) Two of the stales are failure states in each phase. One of the remaining two states becomes 
a Intent failure state Thus only one state is operational state at Die beginning of each phase 
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figure 5: Markov Chains for four phases with initial SOPs 


Table 2: Inreliabilnict for a two component system (variable parameters! 


1 

Case 

FP1 

— 

BP2 

. 

EP2 

BP3 

EP3 



BP4 

EP4 

* 

1 

O 

y 

0 99995000 

1.6319*093 

2.63176774 

3.26369553 

nsssn 

4.89514383 

5.89460434 

2 (xlO" 4 ) 

0.99995000 

1 99990001 

... 

2.99955004 



5 99820036 

6.99755057 

3{xl0- 5 ) 

0.9995001$ 

1.09936570 

2.09778703 

2.19756275 

3 19486645 

3.29453247 

4.29073975 * 

4 (xlO- 3 ) 

0.99950016 

1.99600133 

2.99550450 

3 99201066 

4.98752081 

5.98203595 

6 97555707 , 

5{xl0- 4 ) 



2.06299916 

2.12619791 

3.12593531 

3.18912734 

4.18875844 

6 t xlO* 4 ) 

0.99995000 

1.09993950 

2.09977952 

2.19975802 

3.19948805 

3.29945556 

4.29907563 

7 (xlO - *) 

0.99950 i$ 

1 00948962 

2.00798080 

201796017 

301544338 

3.02541268 

4.02188894 

8 (xlO* 3 ) 



2.09779654 

2.19758177 

3 19488546 

3.29456098 

4 29076824 


.Next we used other data to compute the results. In all case* the repair rate if applicable remains to be 
0 100/hour. Id the first four cases, are use failure rate of each componeot irrespective of usage aa 0.00001/hout. 
In the last four cases, we use failure rates of used components as 0 00001 /hour while those under repair as 
0 000001/ hour The phase durations for cases 1. 2, » and 0 are 10 hours while id other four cases. 3. 4. 7 and 
8. are 100 hours. In even number cases, the analysis is done by ignoring repairs while odd cases include repairs 
Table 2 contain the results obtained in all case* 

First notice the multiplication factors for «wcli row A factor of 10 difference is there due to the mission 
(phase' times Next, when we ignore repairs we notice a substantial change in unreliability values obtained in 
the drat four cases when the failure rales are the same whether a component is being repaired or not Thus 
repairs must be accounted for in such cases. More interesting results are obtained when the components being 
repaired have an order of magnitude smaller failure rates (cases 5-8) In these case* ignoring repairs impacts the 
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results but in this example the difference is not substantial. So one may choose one vs another analysis based 
on parameter values. 

Example 2. For example 2 . we consider the three components. A. B. and C. system with two phase config- 
urations AND and OR and three phases In each phase one component is not used Suppose component A is 
not used in phase 1 , component B is not used in phase 2. and component C is not used in phase 3. There are 
eight possible combinations ( AXD or OR in each phase). We will not write expressions for PFCt and LPFCa 
for all cases here. But to demonstrate how to derive them, for one case when Phase 1 is OR(B. C). phase 2 is 
ASD{C.A) and phase 3 is AX D{ A. B ). Then 

PFC\t = PF CORiB. C)\AX D C , 4 )j = (6, -t- — «:l 

and 

PFC js = PFC AX 0 (C,.lij.lA D\A. B)j — (77 ■* 63) 

as computed in Equation S. We can also compute PFCn using the recurrence relation to obtain 

PFC\ s= PFC) (6i ■‘•cTMcs + a?)(aj' 4 - h) 

To compute the probabilities of these expressions we need to expand the expression in mutually exclusive 
terras. It should be noted that when expressions are in product of expressions form, each product expression can 
be independently expanded into mutually exclusive terms. Then a product expansion will give all terms which 
ate mutually exclusive So using this we compute probabilities of PFCt as given below for this case 

P(PFC.i) = P(tl7+?7K< , 3 •+ «r) * P(iF + tiTTMr - Sj<l)) 

= P|ajJo + P(3 jF7cj)-*- P{a;b P^jhjT^ej} 

P(PPCis) = + = (5T + *:?T)(a? +acCj)(ase<TJM 

= PiojOsFi) + PlojOj^TT) + P{a,V&h) A P(o ( 14 ) 
= -P( 3 >a 3 Fc ) ) + P{Sjo s ^ rfc-j > + P(Jj 3 irhjC-> I - P( 57336, 6377c } ) 

PF C33 = PticrffjHaj 4 63) = + 5563)) 

* P(3j7j«sl — 

We programmed each of the eight possible cases. We used failure rate for each component to be 0 . 000 1 /hour 
and repair rate 10 be 0 1 /hour whereever applicable in a 10 hourt/pbaae mission The results for eight caws are 
shown in Table .1 Here in phase name *A* meanr AXD phase and "O ' means OR phase. Then, we assumed 
that the failure rate for «he component under repair is small i e. 0 00001 /hour and recomputed all the eight 
**•**■ These results are in Table 4 . One can notice the difference in unrehabilitv in the two cases. We are not 
showing the retulla when we ignore the repairs altogether hut. ere noticed that the difference m significant in the 
first case and relatively lest in the second ca*e 
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Tabic 3: Unreliability for eight cam with same failure rates 


c** 

EP1 

BP2 

EP2 

BP3 

EP3 

AAA 

9.99000583*07 

1.62990993*06 

4.25556226*06 

5 88170181*06 

9.49979360e-06 



1. 99800 133e-03 

1. 99962799c -03 

2.00065528*03 

2 00390329* 03 



1.63072502*03 

3.62546817*03 

3.625468 17e-03 

3.62745761*03 

OOA 

199800133*03 

2.62859528*03 

4 62134468*03 

4 62134468*03 

4.622967O5e-03 

AAO 

9 99000583*07 

1. 629 90993*06 

4.25556226*06 1 

2.62891027*03 

4 62165904c- 03 

OAO 


1.998 00133e-03 

1.99962799*03 

1 4.62239334e-03 

6 24453356c- 03 



1.63072502*03 

3.62546817*03 

4 62103010*03 

6.60979861*03 



2.62859528*03 

| 4.62134 158*03 j 

5 25029 105e-03 i 

! 

7 23779231c- 03 

. .... ... i 


Table 4 Unreliability for eight cases with iow failure rates for components while under repair 


Case 

EP1 

BP2 

EP2 

BP3 

EP3 

AAA 

9 99000583*07 

1.00211326*06 

3.12110793*06 

3 37835367*06 

6.06492674*06 

OAA 

1. 99800133c- 03 

1. 99800 133e-03 

1.99906133*03 

1 99912829*03 

2.00124603*03 

AOA 


1.06264640*03 

3.03852457*03 

3 05852457*03 

3 05994942*03 

OOA 

1. 99800 133c-03 

2.061 084 45c-03 

4.03496774*03 

4 05496774*03 

4.05602555*03 

AAO 

9.99000583*07 

1.06211326*06 

3 12110793*06 

1 49368754*03 

3.48870448*03 

OAO 


1 99800133*03 , 1.99906133*03 

; 3 48887187*03 

5 11330514*03 



1.06264640*03 

3 05852457*03 

3 48807495*03 

i 

547910711*03 

OOO 

1 99800133c- 03 

i 

2 06108445*03 

4 05496 77 4*03 

1 4 11792084* 03 

6 10709456*03 


Table 5 Unreliability for 'all is well if end is well ' case 


Care 

EPl 

BP2 

EP2 

BP3 

EPS 

a J->R 

1.89137172*03 

1.89437172* 03 

2.52512938*03 



2 52542938*03 

- 

3 38726223*03 

o N 

2.99559450*03 

2 99 550450* 03 

3.99300567*03 ! 3 99300567*03 

1 

597905190*03 

•doR 

2 52263933*10 

6 32255388*04 

864817157*04 

2.54997399*03 

3.39046756*03 

i >JoS 

9 98501249*10 1 

1 00049817*03 

2.00198537*03 

5 98203595*03 

| 8.95962123*03 
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Example 5. In our last example, we programmed the third ease where the three phases are a = OR , 3 - 
OR - AND. and ■> = OR as shown in Figure 3 We ran four cases for this example These had two orders od> 
and yAo and in each ease there is repair on all component* in all phases (R) or no repair on any component <N). 
The phases are each of 10 hours durations. The failure rates for each component in eaeh phase is 0.0001/hour. 
The repair rates for each component when applicable is 0.1/hour. The results are shown in Table 5 Notice two 
things. Once ignoring repairs have significant impact on unreliability due to repairs, in particular for the system 
where the success criteria is more stringent during the later phases With repairs the unreliability can be almost 
maintained at the same levels as is the case in the first and the third line 


6 Managing Phased-Mission Systems with Repairs Using RBDs 

It should be mentioned that this analysis can also be carried out using RBDs. Recall that in [5] each component 
A model in phase p is replaced by a series of events XiXj - x r In case of repairs, each component mode! will 
be a parallel series model derived out of component up /fail tree as shown in Figure -I There will be up to 
V~‘ parallel branches. Each branch represents one unique path from root to one of the leaf t node ui the tree. 
Notice that if a particular phase does not have repair on a particular component, then the tree does not have 
any expansion from that the intermediate D node in the tree The rest of the analysis remains the same. 

7 Conclusions 

We have presented a technique to analyse phased-mission systems including component repairs whose phase 
success criteria* can be expressed using fault trees This technique yields accurate result* and is simple in 
concept and computation For this purpose, we enhanced phase algebra to include the effects of phases that 
allows us to efficiently compute the probabilities of all possible combinations contributing to failure in phased- 
mission systems during individual phases This technique is very useful for a large class of systems where during 
the long mission times the system includes repairs but system operational behavior can be described using fault 
tree*. Several examples have been included to show the effects of repairs and how to manage it computationally 
Currently we are incorioraliug theee techniques in reliability analysis tool* 
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renabihtv analyses aaanme that the aystem configuration , *acc ear criteria, and component behavior r emain the tame. 
However, multiple phase* ate natural We present a new compatationaBr efiicieat technique for analra* of phased- 
mission systems where the aperatfocal states of a system caa be described bv combinations of components states 
(aach as taah trees or assertions) Moreover, individaal components may be repaired, if failed, as part of avatem 
operation bat repairs are independent of the system state. For repairaHe systems Markov analysis techniques are 
aaed bat they safer from state apace explosion. That limits the sue of system that caa be an a] vied and it is 
expensive in computation We avoid the state space cxplnmon The phase algebra » aaed to aicouat for the effects 
of ▼aruble cotigu iiion* rtptir*, and uccew criteria from pkaar to pkiAf Our tecluuqie ridds exact (u opposed 
to approximate) results WV demons' rate oar technique by means of several examples and present avmenmi results 
to show the effects of phases and repairs oa the system rehabihty /availability. 
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